Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43043
HistoryAug 31, 2023 - 8:19 a.m.

URL Redirection To Untrusted Site ('Open Redirect')

2023-08-3108:19:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
url redirection
untrusted site
open redirect
login flow
malicious url
software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.4%

jupyter-server is vulnerable to open redirect vulnerability. The vulnerability occurs due to not validating the redirect urls generated as part of the login flow. An attacker can trick a user into clicking a login link to jupyter server which includes malicious url redirect.

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.4%